An Enhanced Endpoint Management Strategy

April 2017 – If you’re using ‘free’ tools that come with a vendor’s Enterprise Agreement, consider augmenting your existing solution’s discovery and patch capabilities with an industrial strength software catalog and usage analysis tool to address software compliance across all platforms – Windows, Mac, and *nix. Couple this approach with a process work flow engine and you can achieve full life cycle software and hardware asset management while leveraging your existing infrastructure and investment in IT skills.

What does this buy you? Imagine not having to struggle preparing for end-of-year software audits or paying for licenses you aren’t even using – hindered by a lack of visibility into what’s installed on servers and PCs; PCs which may not even be present on the corporate network during the inventory process. As an alternative, what if at any time you could identify precisely what software is installed on all endpoints, on and off the corporate network, as well as how the software is actually used and whether this software should even be on your endpoints? The result will be a tremendous savings in maintenance costs and better utilization of staff time, a reduction in acquisition costs, and a much-improved security posture.

Using IBM BigFix Inventory, you could see that 5,000 licenses of a particular vendor’s software ‘Professional suite’ are deployed, and know that only 400 users regularly use a particular component, enabling you to downgrade 92% of the licenses to that product’s ‘Standard’ version and derive the associated savings immediately. With these metrics, organizations are not only better prepared for audits, but they quickly save hundreds of thousands and even millions of dollars with immediate payback. In fact, one company in the food industry saved over $500,000 per year just by downgrading most of its users to the ‘Standard’ version of such a software product.

Now imagine that you have Java installed on these 5,000 endpoints and that 80% of these endpoints have multiple older, unsecure, versions of Java still resident on these systems. Using BigFix Inventory you can identify each endpoint that these older versions of Java reside upon and then use your existing free tools to uninstall these out-of-date instances. In a study released by Cisco Systems in 2014, Java accounted for 91 percent of Web exploits tallied – and 14 percent of all successful PC exploits! By removing these older versions of Java you would immediately strengthen your company’s security posture.

Following this same theme, you can also augment your free tool’s remediation capabilities by using BigFix Detect. BigFix Detect delivers a whole new level of endpoint security by addressing critical gaps in today’s endpoint security tools. Simply put, you can see your endpoint landscape clearly, understand threats completely and within context, and then act with precision to stop cyber criminals in their tracks.

With BigFix Detect you will be able to:

Discover and audit all of your endpoints and detect malicious behavior in context
• Investigate attacks and decide how to contain and remediate them with blazing speed
• Use your free tools, to roll out precise update packages and patches required to prevent attacks and reduce your overall attack surface

If you go back to the Java scenario of removing older, unsecure versions, there are often instances in which you have critical applications that are built upon these older Java instances. This means your company is being forced to employ unsecure and exploitable versions of Java. With IBM BigFix Detect, you will immediately know and be able to contain these exploitations even when remediation may not be possible.

This strategy of augmentation with BigFix Inventory and Detect allows your existing support teams and infrastructure to remain intact while your company gains much more insight and capability in terms of managing all of your endpoints reducing your operating spend while significantly enhancing your security posture.